CVE-2017-5944
NONE EPSS 84.6%
Published Jul 3, 20179y ago · Modified Jun 17, 20262w ago
Published Jul 3, 2017 9y ago
Last Modified Jun 17, 2026 2w ago
Description
The dashboard subscription interface in Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 might allow remote authenticated users with certain privileges to execute arbitrary code via a crafted saved search name.
Threat Intelligence
EPSS Exploit Probability
84.6% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-20 Improper Input Validation Validation
Affected Products 41
| Vendor | Product | Version | Range |
|---|---|---|---|
| bestpractical | request_tracker | 4.0.0 | any |
| bestpractical | request_tracker | 4.0.1 | any |
| bestpractical | request_tracker | 4.0.2 | any |
| bestpractical | request_tracker | 4.0.3 | any |
| bestpractical | request_tracker | 4.0.4 | any |
| bestpractical | request_tracker | 4.0.5 | any |
| bestpractical | request_tracker | 4.0.6 | any |
| bestpractical | request_tracker | 4.0.7 | any |
| bestpractical | request_tracker | 4.0.8 | any |
| bestpractical | request_tracker | 4.0.9 | any |
| bestpractical | request_tracker | 4.0.10 | any |
| bestpractical | request_tracker | 4.0.11 | any |
| bestpractical | request_tracker | 4.0.12 | any |
| bestpractical | request_tracker | 4.0.13 | any |
| bestpractical | request_tracker | 4.0.14 | any |
| bestpractical | request_tracker | 4.0.15 | any |
| bestpractical | request_tracker | 4.0.16 | any |
| bestpractical | request_tracker | 4.0.17 | any |
| bestpractical | request_tracker | 4.0.18 | any |
| bestpractical | request_tracker | 4.0.19 | any |
| bestpractical | request_tracker | 4.0.20 | any |
| bestpractical | request_tracker | 4.0.21 | any |
| bestpractical | request_tracker | 4.0.22 | any |
| bestpractical | request_tracker | 4.0.23 | any |
| bestpractical | request_tracker | 4.0.24 | any |
| bestpractical | request_tracker | 4.2.0 | any |
| bestpractical | request_tracker | 4.2.1 | any |
| bestpractical | request_tracker | 4.2.2 | any |
| bestpractical | request_tracker | 4.2.3 | any |
| bestpractical | request_tracker | 4.2.4 | any |
| bestpractical | request_tracker | 4.2.5 | any |
| bestpractical | request_tracker | 4.2.6 | any |
| bestpractical | request_tracker | 4.2.7 | any |
| bestpractical | request_tracker | 4.2.8 | any |
| bestpractical | request_tracker | 4.2.9 | any |
| bestpractical | request_tracker | 4.2.10 | any |
| bestpractical | request_tracker | 4.2.11 | any |
| bestpractical | request_tracker | 4.2.12 | any |
| bestpractical | request_tracker | 4.2.13 | any |
| bestpractical | request_tracker | 4.4.0 | any |
| bestpractical | request_tracker | 4.4.1 | any |
References 3
- debian.org http://www.debian.org/security/2017/dsa-3882
- securityfocus.com http://www.securityfocus.com/bid/99381
- forum.bestpractical.com https://forum.bestpractical.com/t/security-vulnerabilities-in-rt-2017-06-15/32016
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.